The present disclosure relates to encryption, and more particularly to issues surrounding the use of symmetric keys in which the party encrypting content and the party decrypting it need access to the same key. Despite the speed and efficiency of symmetric key encryption in comparison to other methods, it has fallen into relative disfavor because of the onerous task of key management.
Symmetric key management typically entails these tasks: Create a new key for every data segment (e.g., file or message) to be made secure, record the key, keep it safe from hackers and eavesdroppers, securely transmit the key to other persons who are intended recipients, ensure that the recipients' use of the keys is in turn correct and safe, and arrange that keys are destroyed in a timely manner. These tasks combine to make “symmetric key management” so annoying and error prone that people in cybersecurity are hesitant to impose it upon lay people. As a result, encryption is left to the experts who are all too willing to make other people's content private, sometimes with a hidden cost—data mining of the content prior to encryption. In other words, third party experts hold the keys, and the end user loses control.
A dramatic reduction in the symmetric key management problem would constitute a major contribution to the privacy needs of individuals, the security needs of organizations and government, and the capacity of the cybersecurity industry to serve its many constituencies.